Merge pull request #9639 from awakesecurity/mz/darwin-UID-override
installer: allow overriding of NIX_FIRST_BUILD_ID on darwin (cherry picked from commit e85fd92816571ea00abafa3929298d0e091bcb9b) Change-Id: Ifffc3fedd740079345c205f54c62c76053e24846
This commit is contained in:
parent
6622abb463
commit
1d6ae6f9ff
3 changed files with 23 additions and 6 deletions
|
@ -3,11 +3,13 @@
|
||||||
set -eu
|
set -eu
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
|
# System specific settings
|
||||||
|
export NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-301}"
|
||||||
|
export NIX_BUILD_USER_NAME_TEMPLATE="_nixbld%d"
|
||||||
|
|
||||||
readonly NIX_DAEMON_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist
|
readonly NIX_DAEMON_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist
|
||||||
# create by default; set 0 to DIY, use a symlink, etc.
|
# create by default; set 0 to DIY, use a symlink, etc.
|
||||||
readonly NIX_VOLUME_CREATE=${NIX_VOLUME_CREATE:-1} # now default
|
readonly NIX_VOLUME_CREATE=${NIX_VOLUME_CREATE:-1} # now default
|
||||||
NIX_FIRST_BUILD_UID="301"
|
|
||||||
NIX_BUILD_USER_NAME_TEMPLATE="_nixbld%d"
|
|
||||||
|
|
||||||
# caution: may update times on / if not run as normal non-root user
|
# caution: may update times on / if not run as normal non-root user
|
||||||
read_only_root() {
|
read_only_root() {
|
||||||
|
|
|
@ -25,9 +25,9 @@ readonly RED='\033[31m'
|
||||||
readonly NIX_USER_COUNT=${NIX_USER_COUNT:-32}
|
readonly NIX_USER_COUNT=${NIX_USER_COUNT:-32}
|
||||||
readonly NIX_BUILD_GROUP_ID="${NIX_BUILD_GROUP_ID:-30000}"
|
readonly NIX_BUILD_GROUP_ID="${NIX_BUILD_GROUP_ID:-30000}"
|
||||||
readonly NIX_BUILD_GROUP_NAME="nixbld"
|
readonly NIX_BUILD_GROUP_NAME="nixbld"
|
||||||
# darwin installer needs to override these
|
# each system specific installer must set these:
|
||||||
NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-30001}"
|
# NIX_FIRST_BUILD_UID
|
||||||
NIX_BUILD_USER_NAME_TEMPLATE="nixbld%d"
|
# NIX_BUILD_USER_NAME_TEMPLATE
|
||||||
# Please don't change this. We don't support it, because the
|
# Please don't change this. We don't support it, because the
|
||||||
# default shell profile that comes with Nix doesn't support it.
|
# default shell profile that comes with Nix doesn't support it.
|
||||||
readonly NIX_ROOT="/nix"
|
readonly NIX_ROOT="/nix"
|
||||||
|
@ -699,6 +699,12 @@ EOF
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_required_system_specific_settings() {
|
||||||
|
if [ -z "${NIX_FIRST_BUILD_UID+x}" ] || [ -z "${NIX_BUILD_USER_NAME_TEMPLATE+x}" ]; then
|
||||||
|
failure "Internal error: System specific installer for $(uname) ($1) does not export required settings."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
welcome_to_nix() {
|
welcome_to_nix() {
|
||||||
local -r NIX_UID_RANGES="${NIX_FIRST_BUILD_UID}..$((NIX_FIRST_BUILD_UID + NIX_USER_COUNT - 1))"
|
local -r NIX_UID_RANGES="${NIX_FIRST_BUILD_UID}..$((NIX_FIRST_BUILD_UID + NIX_USER_COUNT - 1))"
|
||||||
local -r RANGE_TEXT=$(echo -ne "${BLUE}(uids [${NIX_UID_RANGES}])${ESC}")
|
local -r RANGE_TEXT=$(echo -ne "${BLUE}(uids [${NIX_UID_RANGES}])${ESC}")
|
||||||
|
@ -718,7 +724,9 @@ manager. This will happen in a few stages:
|
||||||
if you are ready to continue.
|
if you are ready to continue.
|
||||||
|
|
||||||
3. Create the system users ${RANGE_TEXT} and groups ${GROUP_TEXT}
|
3. Create the system users ${RANGE_TEXT} and groups ${GROUP_TEXT}
|
||||||
that the Nix daemon uses to run builds.
|
that the Nix daemon uses to run builds. To create system users
|
||||||
|
in a different range, exit and run this tool again with
|
||||||
|
NIX_FIRST_BUILD_UID set.
|
||||||
|
|
||||||
4. Perform the basic installation of the Nix files daemon.
|
4. Perform the basic installation of the Nix files daemon.
|
||||||
|
|
||||||
|
@ -960,13 +968,16 @@ main() {
|
||||||
if is_os_darwin; then
|
if is_os_darwin; then
|
||||||
# shellcheck source=./install-darwin-multi-user.sh
|
# shellcheck source=./install-darwin-multi-user.sh
|
||||||
. "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
|
. "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
|
||||||
|
check_required_system_specific_settings "install-darwin-multi-user.sh"
|
||||||
elif is_os_linux; then
|
elif is_os_linux; then
|
||||||
# shellcheck source=./install-systemd-multi-user.sh
|
# shellcheck source=./install-systemd-multi-user.sh
|
||||||
. "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" # most of this works on non-systemd distros also
|
. "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" # most of this works on non-systemd distros also
|
||||||
|
check_required_system_specific_settings "install-systemd-multi-user.sh"
|
||||||
else
|
else
|
||||||
failure "Sorry, I don't know what to do on $(uname)"
|
failure "Sorry, I don't know what to do on $(uname)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
welcome_to_nix
|
welcome_to_nix
|
||||||
|
|
||||||
if ! is_root; then
|
if ! is_root; then
|
||||||
|
|
|
@ -3,6 +3,10 @@
|
||||||
set -eu
|
set -eu
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
|
# System specific settings
|
||||||
|
export NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-30001}"
|
||||||
|
export NIX_BUILD_USER_NAME_TEMPLATE="nixbld%d"
|
||||||
|
|
||||||
readonly SERVICE_SRC=/lib/systemd/system/nix-daemon.service
|
readonly SERVICE_SRC=/lib/systemd/system/nix-daemon.service
|
||||||
readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service
|
readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue